Author: suresh Date: Wed Mar 13 14:36:42 2013 New Revision: 1455963 URL: http://svn.apache.org/r1455963 Log: HADOOP-7101. Merge change 1455953 from branch-1
Modified: hadoop/common/branches/branch-1.2/CHANGES.txt hadoop/common/branches/branch-1.2/src/core/org/apache/hadoop/security/UserGroupInformation.java hadoop/common/branches/branch-1.2/src/test/org/apache/hadoop/security/TestUserGroupInformation.java Modified: hadoop/common/branches/branch-1.2/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.2/CHANGES.txt?rev=1455963&r1=1455962&r2=1455963&view=diff ============================================================================== --- hadoop/common/branches/branch-1.2/CHANGES.txt (original) +++ hadoop/common/branches/branch-1.2/CHANGES.txt Wed Mar 13 14:36:42 2013 @@ -523,6 +523,9 @@ Release 1.2.0 - unreleased HADOOP-9379. capture the ulimit info after printing the log to the console. (Arpit Gupta via suresh) + HADOOP-7101. UserGroupInformation.getCurrentUser() fails when called from + non-Hadoop JAAS context. (todd, backported by suresh) + Release 1.1.2 - 2013.01.30 INCOMPATIBLE CHANGES Modified: hadoop/common/branches/branch-1.2/src/core/org/apache/hadoop/security/UserGroupInformation.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.2/src/core/org/apache/hadoop/security/UserGroupInformation.java?rev=1455963&r1=1455962&r2=1455963&view=diff ============================================================================== --- hadoop/common/branches/branch-1.2/src/core/org/apache/hadoop/security/UserGroupInformation.java (original) +++ hadoop/common/branches/branch-1.2/src/core/org/apache/hadoop/security/UserGroupInformation.java Wed Mar 13 14:36:42 2013 @@ -465,7 +465,11 @@ public class UserGroupInformation { static UserGroupInformation getCurrentUser() throws IOException { AccessControlContext context = AccessController.getContext(); Subject subject = Subject.getSubject(context); - return subject == null ? getLoginUser() : new UserGroupInformation(subject); + if (subject == null || subject.getPrincipals(User.class).isEmpty()) { + return getLoginUser(); + } else { + return new UserGroupInformation(subject); + } } /** Modified: hadoop/common/branches/branch-1.2/src/test/org/apache/hadoop/security/TestUserGroupInformation.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.2/src/test/org/apache/hadoop/security/TestUserGroupInformation.java?rev=1455963&r1=1455962&r2=1455963&view=diff ============================================================================== --- hadoop/common/branches/branch-1.2/src/test/org/apache/hadoop/security/TestUserGroupInformation.java (original) +++ hadoop/common/branches/branch-1.2/src/test/org/apache/hadoop/security/TestUserGroupInformation.java Wed Mar 13 14:36:42 2013 @@ -16,12 +16,7 @@ */ package org.apache.hadoop.security; -import static org.junit.Assert.assertArrayEquals; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; - +import static org.junit.Assert.*; import static org.mockito.Mockito.mock; import java.io.BufferedReader; @@ -32,6 +27,7 @@ import java.util.Collection; import java.util.LinkedHashSet; import java.util.Set; +import javax.security.auth.Subject; import javax.security.auth.login.AppConfigurationEntry; import junit.framework.Assert; @@ -339,4 +335,22 @@ public class TestUserGroupInformation { assertGaugeGt("loginFailure_avg_time", 0, rb); } } + + /** + * Test for the case that UserGroupInformation.getCurrentUser() + * is called when the AccessControlContext has a Subject associated + * with it, but that Subject was not created by Hadoop (ie it has no + * associated User principal) + */ + @Test + public void testUGIUnderNonHadoopContext() throws Exception { + Subject nonHadoopSubject = new Subject(); + Subject.doAs(nonHadoopSubject, new PrivilegedExceptionAction<Void>() { + public Void run() throws IOException { + UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); + assertNotNull(ugi); + return null; + } + }); + } }